Stories by Lucian Constantin

Malware served through rogue Tor exit node tied to cyberespionage group

A malware program distributed recently through a rogue server on the Tor anonymity network was also used in targeted attacks against European government agencies.

Sonatype aims to help developers reduce risk from open-source components

Software developers use a large number of open-source components, often oblivious to the security risks they introduce or the vulnerabilities that are later discovered in them.

Microsoft fixes critical crypto flaw, strengthens encryption for older systems

Microsoft fixed a critical vulnerability Tuesday in the Windows cryptographic library that could expose Windows servers to remote code execution attacks. The update also adds support for stronger and more modern cryptographic ciphers to older Windows versions.

First Stuxnet victims were five Iranian industrial automation companies

For the first time since Stuxnet was discovered in 2010, researchers have publicly named the worm's original victims: five Iranian companies involved in industrial automation.

Adobe fixes eighteen vulnerabilities in Flash Player

Adobe Systems released critical security updates Tuesday for Flash Player to address 18 vulnerabilities, many of which can be remotely exploited to compromise underlying systems.

Microsoft updates EMET security tool to solve compatibility issues, harden exploit mitigations

Microsoft's Enhanced Mitigation Experience Toolkit (EMET), a security program popular with companies, was updated Monday to harden the exploit mitigations that it adds to other programs and to address compatibility issues with some of them.

Cyberespionage group targets traveling execs through hotel networks

For the past four years a group of sophisticated hackers has compromised the networks of luxury hotels to launch malware attacks against corporate executives and entrepreneurs traveling on business in the Asia-Pacific region.

DigiCert is considering SSL certificates for more Tor hidden services

Certificate authority DigiCert is considering issuing SSL certificates to more Tor .onion address owners after recently providing Facebook with one.

WireLurker attacks against iOS devices also launched from Windows PCs

Attackers have used rogue applications for both OS X and Windows to infect iPhones and iPads in China with a malware program that steals contact information and other private data.

Informational Wi-Fi traffic can be used as covert communication channel for malware

A security researcher has developed a tool to demonstrate how the unauthenticated data packets in the 802.11 wireless LAN protocol can be used as a covert channel to control malware on an infected computer.

Cisco patches serious vulnerabilities in small business RV Series routers

Cisco Systems released patches for its small business RV Series routers and firewalls to address vulnerabilities that could allow attackers to execute arbitrary commands and overwrite files on the vulnerable devices.

Google releases tool to test apps, devices for SSL/TLS weaknesses

Google released a tool that can be used to test whether the SSL/TLS encrypted connections opened by applications or devices are vulnerable to man-in-the-middle attacks.

Popular messaging apps fail EFF's security review

Some of the most widely used messaging apps in the world, including Google Hangouts, Facebook chat, Yahoo Messenger and Snapchat, flunked a best-practices security test by advocacy group the Electronic Frontier Foundation (EFF).

BlackEnergy cyberespionage group targets Linux systems and Cisco routers

A cyberespionage group that has built its operations around a malware program called BlackEnergy has been compromising routers and Linux systems based on ARM and MIPS architectures in addition to Windows computers.

Seeking security, American Express aims to swap card numbers with tokens

In an effort to make Internet and mobile transactions more secure, American Express has launched a new service that aims to replace payment card numbers with unique tokens.